Analysis
-
max time kernel
150s -
max time network
32s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
22/11/2022, 09:37
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
17 signatures
150 seconds
General
-
Target
file.exe
-
Size
316KB
-
MD5
fc07297b72e3b3731d82f1e8f3fe5387
-
SHA1
4432ac12529925380f785f986be69d84daf7973c
-
SHA256
e7d3d06f6affb4914434bcc5610348732ef1e36fc0c00df0c64538e9c424edb7
-
SHA512
48e7e74ff2ef66952a57736804cd16e9e1f2edd36d2449e51def68507fa039c42781e5d4c37f6afc01abc4434de672a247ba046ca7dd1d861d8030159f350376
-
SSDEEP
6144:gmuPqQvIJuqtIcfeYOOPIgY22tThsIeGjY6YML:UqijqtIuO4G22ZVEpML
Score
10/10
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral1/memory/1732-56-0x00000000001B0000-0x00000000001B9000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1732 file.exe 1732 file.exe 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found 1224 Process not Found -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1224 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 1732 file.exe